Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

This covers two categories. The first is servers that support SSLv2, about 17%:

It allows SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings. Our measurements show that 17% of HTTPS servers still allow SSLv2 connections.

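The second category is servers that do not support SSLv2 themselves but share the same key with a server in the first category, so they can still be attacked, about 16%: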

Its private key is used on any other server that allows SSLv2 connections, even for another protocol. Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports SSLv2 and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server. When taking key reuse into account, an additional 16% of HTTPS servers are vulnerable, putting 33% of HTTPS servers at risk.
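The two conditions above can be checked against your own server inventory. The following is an added example, not code from the quoted write-up: it groups endpoints by a hash of their public key and flags any endpoint that either accepts SSLv2 itself or shares a key with one that does. The `Endpoint` fields, host names and key bytes are constructed for illustration, and the `sslv2` flag is assumed to come from your own scan results.

```python
import hashlib
from collections import defaultdict
from typing import NamedTuple

class Endpoint(NamedTuple):
    host: str
    port: int
    service: str       # e.g. "https" or "smtp"; key reuse across protocols counts
    public_key: bytes  # server public key bytes (constructed placeholders below)
    sslv2: bool        # assumed input: True if your own scan saw SSLv2 accepted

def key_id(ep):
    # Compare keys, not certificates: a reissued certificate can keep the same key.
    return hashlib.sha256(ep.public_key).hexdigest()

def classify(inventory):
    """Map (host, port) -> (status, other endpoints exposing the same key via SSLv2)."""
    sslv2_by_key = defaultdict(list)
    for ep in inventory:
        if ep.sslv2:
            sslv2_by_key[key_id(ep)].append((ep.host, ep.port))
    result = {}
    for ep in inventory:
        me = (ep.host, ep.port)
        exposing = [e for e in sslv2_by_key.get(key_id(ep), []) if e != me]
        if ep.sslv2:
            status = "direct"      # first category: allows SSLv2 itself
        elif exposing:
            status = "key-reuse"   # second category: key shared with an SSLv2 server
        else:
            status = "ok"
        result[me] = (status, exposing)
    return result

# Constructed sample inventory (not real hosts or keys).
KEY_A, KEY_B, KEY_C = b"constructed-key-A", b"constructed-key-B", b"constructed-key-C"
INVENTORY = [
    Endpoint("www.example.test", 443, "https", KEY_A, False),
    Endpoint("mail.example.test", 25, "smtp", KEY_A, True),
    Endpoint("shop.example.test", 443, "https", KEY_B, False),
    Endpoint("old.example.test", 443, "https", KEY_C, True),
]

if __name__ == "__main__":
    for (host, port), (status, via) in classify(INVENTORY).items():
        print(f"{host}:{port} {status} {via}")
```

An endpoint reported as `key-reuse` stays exposed until SSLv2 is disabled on every endpoint listed beside it.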